Biggest Hack affects millions May 12, 2017

[StockEngine]

At least 74 countries affected. I think it crippled several banks in my locale.


Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool - NYTimes.com


Sent from my SM-G935F using Tsikot Forums mobile app

[BratPAQ]

Kaya it's always good to have an offline backup. Saka di naman totoo yang makukuha mo pa data mo once you paid.

Sent from my SM-G955F using Tapatalk

[StockEngine]

email server namin hindi pa na offline... tsk.

Sent from my SM-G935F using Tsikot Forums mobile app

[sientobente]

Sabi ng empleyado ko, this spreads through port 445, so you have to block that port. Mga tao kasi di na natuto, bukas ng bukas ng mga suspicious email.

Sent from my SM-G955F using Tapatalk

[chronicle]

Port 445 is smb. So kung may shared drive kayo sa network, di rin useful iblock ang smb.

[BratPAQ]

I know someone was attacked by a ransomware in the past. And they were able to pinpoint the particular employee who clicked a link on the email and the specific time. But I'm not sure what they did with that employee.

So yeah, be careful on what you click cause might cost you your job.

Sent from my SM-G955F using Tapatalk

[StockEngine]

epic stuff... 150+nations kuno

At least 1, groups in 15 countries hit by ransomware

Sent from my SM-G935F using Tsikot Forums mobile app

[badkuk]

afaik the ransomware exploits vulnerabilities in older Windows operating systems...which were highlighted by a recent leak of NSA hacking tools. Aside from the usual propagation through trojan/windows share+autorun trick, it also actively scans your network and infects vulnerable systems.

Microsoft has released patches for the vulnerability for older Windows OSes. If you're still using them, apply them now. i just saw a video showing how a vulnerable system got infected in real-time, within minutes.

[badkuk]

^ To add, just because you don't see the ransomware pop-up, doesn't mean you're in the clear. Apparently it has a "kill-switch" -- a researcher found out that the ransomware stops when it can resolve a specific domain name(which he has graciously registered for $10.64)...it's unclear whether this will stop the ransomware -- please note that the infection may still be there, it's just dormant.


And, expect more copycats in the future.

[Monseratto]

Better update your computers now and back up your files...

[badkuk]

They're speculating that a lot of the computers in NHS are still running Windows XP, hence the gravity of the attack. imho this is more a malware outbreak than it is a hack attack ... which is kinda good, since there is no group of "evil hackers" breaking into the government/corporations...bad, because anybody, even your lola's PC at home, is a target.

[Monseratto]

Ransomware cyber-attack a wake-up call, Microsoft warns - BBC News

Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the virus, he said.

A UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".

[badkuk]

Dunno if my understanding is correct...even without the patches from Microsoft for vulnerable Windows OSes, can't you configure the built-in firewall to block incoming file & printer/windows sharing and stop the exploit before it happens?

[chronicle]

^
You can configure port blocking. But then, you won't be able to use the said port and its use.
Also, we dont know when the next malware will attack and what port will it use. So blocking all ports is not really a good option unless your business or user only uses a very specific port and nothing else.